alias sh4dy = __asm("sh4dy")

Nullcon GOA 2023 - Cloud

Upon accessing the URL of the provided lambda function in the challenge, we obtain an aws_access_key_id, an aws_secret_access_key, and an aws_session_token. These can serve as temporary credentia...

Crewctf Web3 Writeups

Challenge 1 : Positive This challenge proved to be fairly straightforward as we were provided with two smart contracts, namely Setup.sol and Positive.sol. Within the setup contract’s constructor, ...

Blackmatter Ransomware

By analyzing the executable using PE bear, it becomes evident that it solely imports three DLLs: kernel32.dll, user32.dll, and gdi32.dll. This suggests that either the executable is packed or some ...

TikTok Spyware

In this post, I will provide an in-depth technical analysis of an application portraying itself as TikTok Pro which is a dangerous spyware. APK Metadata Malware sample: here MD5: 9fed52ee7312e2...

Darkcrystal

In this post, I will provide an in-depth technical analysis of Dark Crystal RAT, a backdoor written in C#. File Metadata Malware sample: here MD5: b478d340a787b85e086cc951d0696cb1 SHA256: 8d...

Cookiethief Malware Analysis

In this post, I will provide an in-depth technical analysis of a malicious android application that steals cookies from the browser and sends them to a C2 server. APK Metadata Malware sample: he...

Free Followers (Ransomware)

In this post, I will provide an in-depth technical analysis of the malicious Android application known as “Free Followers,” specifically focusing on its ransomware functionality. APK Metadata Ma...

Umdctf Writeups

Below are my write-ups for the Pokeball Escape and Bleep challenges that were part of UMDCTF 2023. Pokeball Escape After decompiling the Pokeball Escape application using JADX, we get the follo...

Conti Ransomware

Overview Packed Sample : https://bazaar.abuse.ch/sample/03b9c7a3b73f15dfc2dcb0b74f3e971fdda7d1d1e2010c6d1861043f90a2fecd/ Unpacked Sample : https://bazaar.abuse.ch/sample/d3c75c5bc4ae087d547bd722...

Reversing WarZone Rat

Description WarZone is a Remote Access Trojan (RAT) that is sold on a publicly available website, as a Malware-as-a-Service. MD5: 48FF98ED6AE74DA9C1FEF59B40699BAE SHA256: 4537FAB9DE768A668AB4E72A...